InfoSecBulletin Cybersecurity for mankind
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow an attacker to escalate their privileges.
The flaws are listed below:
AMD Patches CPU Vulnerability
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Daily Security Update Dated:4.02.2025
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023
.Gov Domains Weaponized in Phishing Surge
RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks
CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service Elevation of Privilege Vulnerability
“Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network,” Microsoft in an advisory for CVE-2025-21415, crediting an anonymous researcher for reporting the flaw.
CVE-2025-21396 is a security vulnerability caused by a lack of authorization, allowing unauthorized users to gain elevated privileges on a network. It was discovered by security researcher Sugobet.
The tech giant acknowledged a proof-of-concept exploit for CVE-2025-21415 but confirmed that both vulnerabilities have been fully addressed, requiring no action from customers.
Microsoft is improving transparency by issuing CVEs for critical cloud service vulnerabilities, regardless of whether customers need to apply a patch or take other actions for security.
“As our industry matures and increasingly migrates to cloud-based services, we must be transparent about significant cybersecurity vulnerabilities that are found and fixed,” it noted back in June 2024.
“By openly sharing information about vulnerabilities that are discovered and resolved, we enable Microsoft and our partners to learn and improve. This collaborative effort contributes to the safety and resilience of our critical infrastructure.”
